Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Granick: Dream of Internet Freedom ‘Dying’

Black Hat keynoter Jennifer Granick imagined a day when a regulated Internet looks like a lot like television.

LAS VEGAS – The Internet is barreling down the same road of regulation and not-so-subtle censorship that has turned every other means of mass communication into a centralized and vanilla fountain of useless information. Kinda like television.

That’s the fear that today Black Hat keynoter Jennifer Granick drilled into an overflowing room, exposing the current landscape of surveillance, censorship and centralized control of content, and the complacency in which society has allowed this to happen. Granick contrasted today’s environment from that of two decades ago when she became passionate about protecting hackers and defending the civil liberties of those who tinker with software and devices in the name of making them safer.

“Twenty years ago I went to my first DEF CON because I believed in the dream of a free and open Internet. I believe in a world where there is a freedom to tinker, the hands-on imperative for those who want to study, manipulate, change and reverse engineer the software and devices that define the world around us,” said Granick, director of civil liberties at the Stanford Center for Internet and Society. “Today that dream of Internet freedom that brought me to DEF CON 20 years ago is dying.”

Laws such as the Computer Fraud and Abuse Act, the proposed U.S. rules and implementation of the Wassenaar Agreement, the Digital Millennium Copyright Act are as much to blame as society’s acceptance of the conveniences and centralization that governs today’s Internet, Granick said.

“I’m blaming governments, but I’m also blaming you and me,” Granick said. “The things we want are driving these trends.”

Rather than manage individual blogs, for example, people post to Facebook—a centralized platform. Many hackers may today run their own email servers, but for most of us, Gmail is preferred. People own mobile devices they don’t jailbreak, they download apps and approve excessive permissions. They share data with the so-called cloud, which is not a nebulous entity, but in reality a finite number of companies that control the Internet, Granick said.

“It’s Level 3 [Communications] for fiber, Amazon for servers, Google for search engines and Android,” Granick said. “The fact is that there’s a chokepoint for regulation; there’s an opportunity for control, surveillance and regulation. This isn’t looking like it’s going to change.”

Legal challenges to the hacker ethic have become increasingly pervasive. Proposed changes to CFAA hope to impose stiffer sentences for hacking violations. The proposed U.S. Wassenaar rules—which are being rewritten—were vague and promised stifling effects on security research and product safety.

“Decentralization was built into the DNA of early Internet,” Granick said. “There were dumb pipes and smart edges. It was a global network that allowed communication with anyone, anywhere and at any time. That would bring us all the hope and dreams the human mind dream up. I wanted to live in that world.”

Granick has a long history of representing hackers under duress, from the late Aaron Swartz to Mike Lynn, who 10 years ago quit his job the night before a talk at Black Hat 2005 during which he revealed vulnerabilities in Cisco routers that his former employer at the time ISS and Cisco tried to suppress.

“We fought back the suit for copyright infringement. The message [from Cisco] was loud and clear: ‘This is our software, not yours. This is our router, not yours. You’re just a licensee. We tell you what to do. You can’t decompile. You can’t study, and you can’t tell everyone what you find.'”

Granick said the key first step in the U.S. is for Congress to stop grandstanding on tougher cybercrime laws. She points out that Chinese, North Korean and Russian APT gangs responsible for large breaches aren’t being prosecuted for those intrusions. Instead, the heavy CFAA sentences, for example, are “chilling the good guys.”

“We have to declare that software users have the right to study and modify software and that laws like the CFAA not get in the way of that,” Granick said. She added that this takes on new weight with the influx of networked devices, from cars, to home automation systems, and much more.

“If we’re not allowed to study that, we’re going to be surrounded by black boxes that do things we cannot understand,” Granick said. “Get rid of the CFAA and DCMA. The public interest in the freedom to tinker needs to be protected.”

Discussion

Very interesting article! It has "woken" me up to the everyday complacency that I've given in to. It's scary to think that we may need to have secret websites in order to share our findings from tinkering.

Most of the concerns over Net Neutrality seemed to be from ISP's who were afraid that they wouldn't be able to exert more control over their customers.
It's true that defining Internet Service Providers as common carriers has its downsides, but what is the solution? Leaving things the way they were was starting not to work. Companies were starting to restrict traffic based on type and location. This could easily lead to ISP "packages" that included only parts of the Internet like cable TV packages. Net Neutrality was not something new. The concept is necessary for the Internet to remain as Jennifer Granick liked it. It would have been better if it could have been maintained without regulating it, but that was starting to change.

Another thing that is paving the way to this kind of landscape is the ISP lines that give you way more download bandwidth than upload bandwidth, and ISP's that make it more difficult than it has to be to get a static IP address.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.